<?php
session_start();
	if(isset($_POST['oldpass'])&&isset($_SESSION['id']))
	{
		require_once("../includes/user.php");
		$user=new User;
		$res=$user->query("select * from user_profile where id='$_SESSION[id]'");
		$row=mysql_fetch_array($res);
		if($row['password']==md5($_POST['oldpass']))
		{
			echo 'true';
		}
		else
		{
			echo 'false';
		}
	}
	else if(isset($_POST['password'])&&isset($_SESSION['id']))
	{
		require_once("../includes/user.php");
		$user=new User;
		$data['password']=md5($_POST['password']);
		$user->record=$data;
		$user->update('user_profile',"id='$_SESSION[id]'");
	}
	else
	{
		echo '<h4>Invalid SID</h4>';
	}
?>